#44 - Talk to Aikido Autofix, Pentest Threat Model and support for Alibaba Cloud

Features

• Talk to Aikido AutoFix: Refine with Aikido AI lets you iteratively adjust AutoFixes using natural language. Adapt AutoFixes to your code style without leaving Aikido.

• Pentest Threat Model: A real-time, transparent view of your attack surface and how your application's security posture will be tested.

• Alibaba Cloud: Aikido now supports finding configuration issues in Alibaba Cloud, scan for misconfigs, exposed resources, and risky settings across your entire environment.

Aikido Intel - Malware & Vulnerability Database

Our research team discovered more than #102 new vulnerabilities over the last two weeks!

Glassworm is back with new attack campaigns targeting npm, GitHub, and VSCode ecosystems, including Unicode-based obfuscation techniques and malicious React packages harvesting phone numbers.

Improvements

• SAST - Add Custom Context on SAST Rules to improve AutoTriage

• Cloud & VM - CVEs are now displayed on the VM attack path diagrams

• MCP - Aikido Claude Plugin

• Integrations - Jira / Task trackers

  • Map Teams to Projects

  • Custom Priority mapping

• Zen Firewall - Agent releases for Dotnet, Java, Python, and Golang

• IDE - New releases for VSCode, and Jetbrains

• Betterleaks: Aikido is sponsoring the next iteration of Gitleaks with more features, improved accuracy, and 5.2x better performance versus Gitleaks.

• API - List attack surface subdomains

• API - Webhook for manual severity changes

• API - Unlink container from repository

• API - Get AI Pentest issue details